Why does my business need a risk assessment?


There are two main reasons why all businesses should complete a risk assessment. The first is that risk assessments play a vital role in keeping people safe. The second is that they are a legal requirement. Risk assessments need to be repeated either when circumstances change or periodically. This means that many businesses will need to undertake them before bringing employees back to the workplace.

The basics of risk assessments

Risk assessments are simply a way of identifying anything which could potentially harm a person’s health and safety. Modern risk assessments take mental health and safety as seriously as physical health and safety.

The law does set minimum standards for risk assessments. For example, all businesses are required to undertake risk assessments for the hazard of fire. Many businesses will be required to undertake manual handling and/or display screen equipment (DSE) risk assessments. A few businesses will be required to undertake  Control of Substances Hazardous to Health Assessment (COSHH) assessments.

In general, however, businesses are given a lot of discretion in how they conduct their risk assessments. Because of this, it can be advisable to document not just the assessments themselves but the thought process behind them. This can be done by means of a Risk Assessment Method Statement (RAMS).

Employers should be very clear about the fact that they can delegate tasks related to risk assessment, but not accountability for health and safety. In other words, if there is an issue, the relevant authorities will take it up with the employer. The employer may, however, then take it up with the service provider as long as the contract between them is robust enough to support this.

Choosing the right frequency for risk assessments

In theory, a risk assessment should be valid until something changes. In practice, many changes go unnoticed until they have an impact. Peter Watson, Director of Watson and Watson Health and Safety Consultants commented, “It’s advisable to conduct risk assessments periodically even if there are no obvious changes. You should also conduct them as soon as possible after any identifiable changes.”

Choosing the right frequency for a risk assessment depends very much on your circumstances. As a rule of thumb, no matter what industry you are in, you should conduct a risk assessment at least once a year. In higher-risk environments, it’s advisable to shorten this. Basically, the higher the level of risk, the more often you should be conducting risk assessments.

Keep in mind that many companies will undertake activities with different types and levels of risk. For example, in an office, there may be a combination of knowledge workers, receptionists, security guards, cleaners and caterers. Each of these groups will have its own risks. There will also, generally be “shared risks” e.g. the walk from the car park to the office.

This means that employers might want to conduct risk assessments with varying degrees of frequency depending on the type of risk. Employers might also want to conduct risk assessments on a “rolling basis”. For example, instead of conducting DSE assessments once a year for all employees, you could assess a few employees each month.

Choosing the right approach for risk assessments

The ideal approach for any risk assessment is the one that offers maximum robustness with minimum disruption. If a risk assessment requires the assessor to go on-site while work is in progress, then the visit should be carefully planned in advance to minimize the impact on production.

A lot of the time, however, risk assessments can be as simple as scheduling time for a chat with relevant employees. They can give the assessor details of what they actually do and provide real-world feedback on any proposed risk-mitigation solutions. Sometimes, you might not even need an in-person (or video) meeting, a questionnaire may be sufficient.